Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/hpXTIBNpBHBw2rA5lIwqnBdx6go.roa
File:                     hpXTIBNpBHBw2rA5lIwqnBdx6go.roa (raw, json)
Hash identifier:          37pwktX3qoFW4vdaXxwH9G240nqN4KUGmTR0QpY7ofk=
Subject key identifier:   86:95:D3:20:13:69:04:70:70:DA:B0:39:94:8C:2A:9C:17:71:EA:0A
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01887DC48996122140B6536F9983A44F0F4A
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/hpXTIBNpBHBw2rA5lIwqnBdx6go.roa
Signing time:             Fri 02 Jun 2023 20:20:12 +0000
ROA not before:           Fri 02 Jun 2023 20:20:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3320
IP address blocks:        163.5.212.0/24 maxlen: 24
                          163.5.105.0/24 maxlen: 24
                          163.5.106.0/24 maxlen: 24
                          163.5.220.0/24 maxlen: 24
                          163.5.115.0/24 maxlen: 24
                          163.5.242.0/24 maxlen: 24
                          163.5.32.0/24 maxlen: 24
                          163.5.159.0/24 maxlen: 24
                          163.5.153.0/24 maxlen: 24
                          163.5.168.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 05 Jun 2023 16:36:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:7d:c4:89:96:12:21:40:b6:53:6f:99:83:a4:4f:0f:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jun  2 20:20:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8695d3201369047070dab039948c2a9c1771ea0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:34:d8:53:80:a7:00:69:50:19:c2:bf:a7:74:
                    ae:cc:e1:f2:34:fd:5c:c9:0a:1a:ec:65:db:ef:f5:
                    ba:35:ba:05:97:1d:58:65:50:05:4d:a0:c9:31:81:
                    d9:66:d1:f1:63:14:31:32:f6:ca:ac:31:6d:00:0a:
                    8f:a4:a8:80:3f:f5:23:b6:dc:cb:e4:27:b6:ad:05:
                    49:34:3d:81:f3:b3:46:67:36:aa:ba:cd:ff:fb:d8:
                    a3:fd:ef:8b:fe:17:68:db:98:76:b0:98:7e:49:75:
                    59:fa:de:19:66:35:00:37:97:2c:44:3c:2f:79:9c:
                    24:4d:7a:62:c8:a3:f1:6c:5d:9a:79:a2:28:0f:5f:
                    67:1e:da:9d:68:17:86:c0:f1:25:11:4d:4a:b1:f8:
                    85:4b:43:04:bd:c6:d6:c2:7e:bb:e4:47:6c:f2:d9:
                    d3:0a:da:66:63:55:02:ad:a5:93:cc:a8:56:92:aa:
                    0b:66:6a:81:dc:c6:89:3d:41:da:05:f1:6e:0c:d5:
                    bb:46:cd:50:2c:08:df:21:2e:e3:a1:e6:17:4b:76:
                    d7:fb:07:20:8f:04:7a:c3:48:a4:93:89:5d:81:b2:
                    0b:eb:5a:c7:1b:f5:77:89:c1:18:43:90:41:0e:aa:
                    c6:67:e4:d2:7b:88:16:52:b0:51:47:d1:13:2d:74:
                    8b:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:95:D3:20:13:69:04:70:70:DA:B0:39:94:8C:2A:9C:17:71:EA:0A
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/hpXTIBNpBHBw2rA5lIwqnBdx6go.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.32.0/24
                  163.5.105.0-163.5.106.255
                  163.5.115.0/24
                  163.5.153.0/24
                  163.5.159.0/24
                  163.5.168.0/24
                  163.5.212.0/24
                  163.5.220.0/24
                  163.5.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:6f:d9:2c:13:3e:0b:dd:43:ed:ac:75:2a:83:7b:e3:2e:95:
         00:a0:d6:98:cc:9e:3b:fe:75:43:74:cf:92:69:66:12:41:f7:
         c0:fe:ec:15:81:a8:32:6d:4b:7f:45:25:33:01:c0:33:8c:9b:
         02:d5:61:17:21:f2:7c:ce:10:0b:f3:01:3d:09:29:2c:a7:e7:
         ba:73:e1:ef:83:fd:fe:3e:b8:ee:48:e5:97:b4:18:e6:59:77:
         ec:3b:81:39:cf:5b:c0:8b:b0:f6:cc:c7:03:73:f7:25:21:fd:
         68:31:49:24:13:66:a5:38:32:33:db:ae:76:b2:fd:83:25:33:
         30:e6:2b:ae:1f:f5:90:8f:da:e9:95:b2:f5:20:9c:36:45:33:
         13:e5:e3:e7:d8:61:84:73:e7:fa:93:83:91:58:e8:51:40:fe:
         d0:d8:9f:5a:77:29:1d:a2:50:ae:39:5d:a3:97:68:29:3c:f4:
         7a:0d:34:ab:4e:3f:43:f5:70:ab:1b:3f:a3:d0:48:8f:74:e7:
         91:13:14:b3:b5:9b:53:1a:39:86:0c:d6:6d:c1:cc:8f:57:eb:
         8b:49:60:66:10:1e:b2:92:eb:38:17:f6:60:09:66:5a:3b:e4:
         59:dc:e1:6a:82:55:00:35:0f:f1:db:12:34:84:5b:73:be:cc:
         48:fa:12:c5
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYh9xImWEiFAtlNvmYOkTw9KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwNjAyMjAyMDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njk1ZDMyMDEzNjkwNDcwNzBkYWIwMzk5NDhjMmE5YzE3NzFlYTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDTYU4CnAGlQGcK/p3SuzOHyNP1c
yQoa7GXb7/W6NboFlx1YZVAFTaDJMYHZZtHxYxQxMvbKrDFtAAqPpKiAP/UjttzL
5Ce2rQVJND2B87NGZzaqus3/+9ij/e+L/hdo25h2sJh+SXVZ+t4ZZjUAN5csRDwv
eZwkTXpiyKPxbF2aeaIoD19nHtqdaBeGwPElEU1KsfiFS0MEvcbWwn675Eds8tnT
CtpmY1UCraWTzKhWkqoLZmqB3MaJPUHaBfFuDNW7Rs1QLAjfIS7joeYXS3bX+wcg
jwR6w0ikk4ldgbIL61rHG/V3icEYQ5BBDqrGZ+TSe4gWUrBRR9ETLXSLhQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFIaV0yATaQRwcNqwOZSMKpwXceoKMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvaHBYVElCTnBCSEJ3MnJBNWxJd3FuQmR4NmdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAowUgMAwD
BACjBWkDBACjBWoDBACjBXMDBACjBZkDBACjBZ8DBACjBagDBACjBdQDBACjBdwD
BACjBfIwDQYJKoZIhvcNAQELBQADggEBAGlv2SwTPgvdQ+2sdSqDe+MulQCg1pjM
njv+dUN0z5JpZhJB98D+7BWBqDJtS39FJTMBwDOMmwLVYRch8nzOEAvzAT0JKSyn
57pz4e+D/f4+uO5I5Ze0GOZZd+w7gTnPW8CLsPbMxwNz9yUh/WgxSSQTZqU4MjPb
rnay/YMlMzDmK64f9ZCP2umVsvUgnDZFMxPl4+fYYYRz5/qTg5FY6FFA/tDYn1p3
KR2iUK45XaOXaCk89HoNNKtOP0P1cKsbP6PQSI9055ETFLO1m1MaOYYM1m3BzI9X
64tJYGYQHrKS6zgX9mAJZlo75Fnc4WqCVQA1D/HbEjSEW3O+zEj6EsU=
-----END CERTIFICATE-----